Dozens of Binance users report receiving a series of alarming phishing messages that look very real. These messages even match the phone numbers and SMS inboxes they usually see for official Binance updates.
Most phishing messages reviewed by BeInCrypto have the same content and format. This leads to speculation that a criminal group or individual is targeting Binance users with a sophisticated phishing campaign.
Phishing Campaign Targeting Binance Users
The messages typically warn about unauthorized account activities—such as a new two-factor authentication device being added.
Usually, the phishing messages are followed by a message about Binance API unexpectedly linking with Ledger Live. Recipients are then asked to call a provided phone number.
Some targeted users reported that these messages appeared in the same chain as their legal Binance notifications. This creates confusion and encourages engagement. BeInCrypto's investigations reveal an increase in consumer complaints on X (formerly Twitter).
A Binance user shared the SMS message received in the past week with BeInCryptoMany users reported being surprised that the phishing messages originated from the same sender ID that Binance uses for authentication notifications.
Meanwhile, those behind this campaign seem to be leveraging publicly reported Binance user data leaks on dark web forums.
Last month, an estimated 230,000 user records from Binance and Gemini were reportedly put up for sale on the dark web. Security experts believe these leaks came from phishing attacks rather than direct system breaches.
The suspected criminal group may have used the leaked information—names, phone numbers, and emails—to create targeted messages, creating an illusion of legitimacy.
Moreover, a common pattern in phishing attempts often includes an urgent "isn't this you?" question. It urges recipients to call an embedded phone line instead of simply clicking a link.
This method bypasses the more common SMS phishing link scenario.
Binance Expands Anti-Phishing Code to SMS
In an exclusive email to BeInCrypto, Binance's Security Director, Jimmy Su, responded to these findings. Su confirmed that the company is aware of the increasing SMS phishing attacks.
"We are aware of the increasing SMS phishing attacks, where scammers impersonate us and other legitimate senders via SMS. These scams look more convincing, tricking users into revealing sensitive information, clicking phishing links, or making transfers that lead to asset loss." Binance's Security Director told BeInCrypto.
Su further revealed that Binance has expanded its Anti-Phishing Code to SMS. This feature was initially provided for emails.
This code is a user-defined identifier that appears in official Binance messages, helping recipients easily recognize official notifications and avoid impersonators.
"By integrating a unique Anti-Phishing Code into Binance SMS messages, we are making it significantly more difficult to scam our users," Su said.
The Anti-Phishing Code has been deployed for all licensed jurisdictions where Binance operates.
Furthermore, according to Binance, both registered and unregistered users have reported receiving suspicious messages.
Therefore, attackers may be exploiting databases containing phone numbers of those not actively using Binance.
BeInCrypto advises users to adopt additional measures, such as verifying transactions directly through the Binance app or official website, using multi-factor authentication, and never sharing login information over the phone.
Reporting suspicious messages to Binance's support team is strongly encouraged.
Individuals are advised to confirm official communications by checking the Anti-Phishing Code and carefully reviewing any requests to call the phone numbers provided in unsolicited messages.
